Threats / SolarWinds / CVE-2024-28987
CVE-2024-28987
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-06-22
SolarWinds Web Help Desk vulnerability
SolarWinds Web Help Desk contains hardcoded credentials allowing unauthenticated remote access to internal functionality and data modification.
Verdict
Today item — known-exploited.
A hardcoded credential vulnerability in Web Help Desk enables remote attackers to bypass authentication, access sensitive internal systems, and modify data without authorization. Active exploitation in the wild elevates risk.
01
Is it exploitable?
— the evidence, ranked above the scoreExploit available
Fully weaponized — public exploit code is cataloged for this vulnerability.We link the existence of the exploit; we do not host or redistribute payloads.
Reported exploitation
3 independent public reports of in-the-wild exploitation are cataloged.Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-10-15).
Probability (EPSS)
EPSS 0.93159 — modeled likelihood of exploitation activity.EPSS is a daily-changing model output — open the source for today's value.
Severity / affected
Affected: SolarWinds, Web Help Desk. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-798 Hard-coded Credentials — weakness family: Authentication.CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02
Who’s exploiting it?
— attribution turns risk into urgencyAttribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then board1
Front door — unauthenticated access narrative 1
Attacker
I discover the hardcoded credential embedded in the application or its documentation.
Business
Attackers gain unauthorized access to help desk systems containing sensitive customer and employee information.
2
Keys to the kingdom — privilege/identity takeover narrative 2
Attacker
I authenticate to Web Help Desk using the hardcoded credential without any user interaction or detection.
Business
Internal access controls fail to prevent unauthorized system entry, creating an undetected foothold.
3
Lateral reach — past segmentation narrative 3
Attacker
I modify tickets, user records, or configuration data within the help desk system.
Business
Data integrity is compromised; support operations are disrupted and audit trails become unreliable.
4
Data at risk — exfiltration narrative 4
Attacker
I pivot to connected systems or extract credentials stored within the help desk database.
Business
The compromised help desk becomes a staging point for lateral movement across the organization's infrastructure.
5
Lights out — disruption & extortion narrative 5
Attacker
I maintain persistent access by creating additional accounts or backdoors within the application.
Business
Long-term compromise enables ongoing data theft, system manipulation, and potential regulatory violations.
04
What to do
— defensible action- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.1
Say it to the boardA vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05
Coverage & confidence
— what we know, and what we don’tEstablished (cited)
Coverage gaps — stated, not hidden
Disclosure & credit2
Catalogued by SolarWindsCNA
Credited with finding itZach Hanleyfinder